A control method and system for a controllable application programming API interface
By using automated contract parsing and strategy generation, distributed execution, and monitoring and optimization modules, the problem of the disconnect between API runtime strategies and design contracts is solved, enabling precise, automated management and real-time optimization of API strategies.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Application (China)
- Current Assignee / Owner: TANGSHAN QIANFENG TECHNOLOGY CO LTD
- Filing Date: 2026-03-17
- Publication Date: 2026-06-19
AI Technical Summary
In existing technologies, the runtime management strategy of APIs is seriously out of sync with the design contract, resulting in insufficient protection or excessive restrictions, and the APIs cannot evolve automatically with design iterations.
The contract parsing and strategy generation module automatically compiles the API design contract into an executable runtime control strategy. Combined with the distributed strategy execution module, the strategy is deployed and executed on the API call chain. The runtime monitoring and strategy optimization module performs data analysis and optimization to form an adaptive closed loop.
It enables precise and automated generation and execution of API policies, reduces operation and maintenance costs, ensures consistency between policies and design contracts, and provides real-time health assurance and optimization suggestions.
Figure CN122240213A_ABST (abstract drawing)
Description
Technical Field
[0001] This invention relates to the fields of software security and operation and maintenance technology, and more specifically, to a control method and system for a controllable application programming API interface.
Background Technology
[0002] With the widespread adoption of microservice architecture and cloud-native technologies, Application Programming Interfaces (APIs) have become the core hub for internal and external interactions within software systems. To ensure the stability, security, and observability of APIs, the industry typically employs middleware technologies such as API gateways and service meshes to implement unified policy control along the API call chain, including authentication, traffic limiting, circuit breaking and degradation, and data anonymization. Existing technical solutions generally follow a "runtime management" paradigm, whereby after API deployment, operations or security personnel manually configure corresponding policy rules on control planes such as gateways based on experience. This model treats API "development and design" and "operational governance" as two separate stages, relying on post-event manual intervention and static rules.
[0003] However, this traditional control method suffers from a core technical problem: a severe disconnect between runtime management strategies and the API's design contract. Current approaches rely on operations personnel manually configuring API security, performance, and compliance strategies after deployment based on documentation or experience. This process is not only slow and inefficient, but more importantly, it lacks a machine-readable, automatic correlation between these manual strategies and the precise performance goals, security specifications, and data constraints established during the API's initial design. This disconnect directly results in management rules often failing to accurately reflect business intent, leading to insufficient protection or excessive restrictions, and the strategies themselves cannot automatically evolve with design iterations.
Summary of the Invention
[0004] To overcome the aforementioned deficiencies of the prior art, the present invention provides a control method and system for a controllable application programming API interface to solve the problems mentioned in the background art.
[0005] In a first aspect, embodiments of this application provide a control system for a controllable application programming API interface, comprising: a contract parsing and strategy generation module, used to access the design contracts generated by the API development system and compile the design contracts into executable runtime control strategies; a distributed strategy execution module, connected to the contract parsing and strategy generation module, used to deploy and enforce the runtime control strategy in a distributed manner on the call chain of the application programming API interface; and a runtime monitoring and strategy optimization module, connected to the distributed strategy execution module, used to collect runtime data and strategy execution effect data from the application programming API interface, analyze them, and generate strategy optimization suggestions. The runtime monitoring and strategy optimization module feeds the strategy optimization suggestions back to the contract parsing and strategy generation module to optimize subsequent strategy compilation and generation.
[0006] In some embodiments of this application, the design contract includes the API's functional definition, performance requirements, and security constraints.
[0007] In some embodiments of this application, the contract parsing and strategy generation module is specifically used for: extracting performance metrics from the design contract and generating corresponding flow control and circuit breaker degradation strategies; identifying sensitive data fields from the design contract and generating data anonymization or encrypted transmission strategies; and generating a dependency fault isolation strategy based on the service dependencies in the design contract.
[0008] In some embodiments of this application, the distributed policy enforcement module includes a centralized policy enforcement unit deployed on the API gateway, and a service mesh sidecar proxy enforcement unit deployed on each business service side.
[0009] In some embodiments of this application, the runtime monitoring and policy optimization module is specifically used for: analyzing the runtime data and strategy execution effect data through machine learning models to dynamically adjust the thresholds or rules of the runtime control strategy; and identifying abnormal call patterns and generating new protection rules, which are then fed back to the contract parsing and strategy generation module.
[0010] In a second aspect, embodiments of this application provide a control method for a controllable application programming API interface, comprising the following steps: S1: obtain the API design contract generated by the API development system; S2: parse the API design contract and compile its functional, performance, and security constraints into a deployable runtime control policy; S3: distribute and execute the runtime control strategy on the call chain nodes of the application programming API interface to manage API call requests in real time; S4: monitor the API runtime status and policy execution effect, generate policy optimization suggestions and feed them back to S2 to optimize subsequent policy compilation.
[0011] In some embodiments of this application, in S2, performance requirements are compiled into rate limiting rules, and security constraints are compiled into field-level security policies.
[0012] In some embodiments of this application, real-time control includes identity authentication and traffic shaping at the API gateway layer, and content-based request verification and dependency circuit breaking at the service mesh sidecar proxy layer.
[0013] In some embodiments of this application, strategy optimization suggestions include: predicting traffic based on historical call patterns and adjusting rate limiting thresholds; and using anomaly detection models to generate interception rules for malicious access.
[0014] In some embodiments of this application, a control method for a controllable application programming API interface further includes: feeding back the monitored system health and risk data to the API development system.
[0015] Compared with the prior art, the beneficial effects of the present invention are:
1. This invention, through a "contract parsing and strategy generation module," automatically compiles API design contracts into executable runtime control strategies, replacing the traditional model in which configuration files are written manually, from human experience, after API deployment. This not only shortens the time required and significantly reduces operation and maintenance costs, but also eliminates at the source the errors and inconsistencies that manual configuration may introduce.
2. This invention employs a "design contract-driven" model from development to management, enabling business requirements such as performance indicators and security constraints to be seamlessly and automatically transformed into precise control strategies such as rate limiting and data masking, thus solving the disconnect between strategies and original designs in traditional methods. Simultaneously, the "distributed strategy execution module," through the collaboration of the gateway and the sidecar proxy, ensures consistent execution of the same strategy across all nodes in a complex call chain.
3. This invention collects and intelligently analyzes performance data through a "runtime monitoring and strategy optimization module," automatically adjusting strategy parameters or generating new protection rules to form an adaptive closed loop of "monitoring-analysis-optimization." This process not only ensures the health of API operation in real time but also feeds optimization experience back to the strategy generation end and even to upstream development systems.
Attached Figure Description
[0016] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments recorded in this invention. For those skilled in the art, other drawings can be obtained based on these drawings.
[0017] Figure 1 is the system composition and closed-loop diagram provided by this invention; Figure 2 is a flowchart of the control method provided by the present invention; Figure 3 is a detailed diagram of the strategy generation provided by this invention; Figure 4 is the strategy execution architecture diagram provided by this invention; Figure 5 is the monitoring and optimization closed-loop diagram provided by this invention.
Detailed Implementation
[0018] The following specific embodiments illustrate the implementation of the present invention. Those skilled in the art can easily understand other advantages and effects of the present invention from the content disclosed in this specification. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0019] To enable those skilled in the art to better understand the present application, the present application will be further described in detail below with reference to the accompanying drawings and specific embodiments.
[0020] Example 1. Referring to Figure 1, this invention provides a controllable application programming interface (API) system. To achieve the above objectives, this invention employs the following technical solution: a controllable application programming interface (API) system, characterized by comprising a contract parsing and strategy generation module, a distributed strategy execution module, and a runtime monitoring and strategy optimization module. These three modules are connected via a predefined interface protocol and data bus, forming an intelligent closed loop from strategy generation and deployment to effect evaluation and optimization. The system is deployed on an enterprise-level cloud platform and can interface with upstream API development systems through standardized API interfaces, receiving the design contracts they output. Simultaneously, its distributed strategy execution module can be seamlessly integrated into existing API gateway clusters and service mesh infrastructure, achieving unified and intelligent management of existing and newly created API traffic.
[0021] Specifically, the contract parsing and strategy generation module, acting as the system's "strategy brain," is a persistent service. It continuously listens for and retrieves "design contracts" from the upstream API development system through a highly available and scalable application programming interface endpoint or message queue subscription mechanism. This design contract is a structured, machine-readable document that includes at least the API's functional definition, performance requirements, and security constraints. Internally, this module contains a rule engine and a strategy compiler. The rule engine has a rich set of built-in strategy templates, such as token bucket rate limiting templates, circuit breaker blocking templates, and regular expression data masking templates. The strategy compiler parses the input design contract, instantiates the corresponding strategy templates based on the extracted constraint indicators, and generates specific, executable "runtime control strategies." These strategies are also represented as structured data; for example, a rate limiting strategy is generated for performance requirements, and a data masking strategy is generated for security constraints.
[0022] This embodiment uses a "User Information Query Interface" design contract from an API development system as an example to illustrate the workflow of this module in detail. The rule engine of the contract parsing and strategy generation module first parses the received structured contract document. It extracts metrics such as query rate per second from the performance section, triggers a rate-limiting strategy template, and generates a runtime control strategy that implements global rate limiting on the target interface. From the security section, it identifies a list of sensitive fields and authentication requirements, first triggering an authentication strategy that requires token verification at the gateway layer; secondly, for each sensitive field, it triggers a data masking strategy template, generating a masking strategy that performs specific pattern replacement on the corresponding field content in the response body. All these strategies are compiled into a strategy set bound to a unique identifier for the interface, ready for distribution.
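The workflow just described (contract constraints mapped onto rate-limiting, authentication and regular-expression masking templates, then enforced at the gateway and at the sidecar), as an added Python example that is not code from the patent. The contract layout, the masking modes and the shape of the generated policy records are assumptions.

```python
import re
import time

# Constructed design contract for a "User Information Query Interface"
# (layout and field names are assumptions, not a format from the patent).
CONTRACT = {
    "api_id": "user-info-query-v1",
    "path": "/users/{id}",
    "performance": {"max_qps": 5, "burst": 5},
    "security": {
        "auth": "bearer-token",
        "sensitive_fields": {"phone": "keep-last-4", "id_card": "full"},
    },
}

# Regular-expression masking templates, keyed by masking mode.
MASK_TEMPLATES = {
    "full": (r".", "*"),                 # replace every character
    "keep-last-4": (r".(?=.{4})", "*"),  # replace all but the last four
}


def compile_contract(contract):
    """Instantiate strategy templates from the contract's constraints and
    return a strategy set bound to the API's unique identifier."""
    policies = []
    perf = contract.get("performance", {})
    if "max_qps" in perf:  # performance metric -> gateway rate limit
        policies.append({"type": "rate_limit", "layer": "gateway",
                         "rate": perf["max_qps"],
                         "burst": perf.get("burst", perf["max_qps"])})
    sec = contract.get("security", {})
    if sec.get("auth"):  # authentication requirement -> gateway token check
        policies.append({"type": "authn", "layer": "gateway",
                         "scheme": sec["auth"]})
    for name, mode in sec.get("sensitive_fields", {}).items():
        if mode not in MASK_TEMPLATES:  # refuse what the rule base cannot honour
            raise ValueError(f"unknown masking mode {mode!r} for field {name}")
        policies.append({"type": "mask", "layer": "sidecar",
                         "field": name, "mode": mode})
    return {"api_id": contract["api_id"], "policies": policies}


class TokenBucket:
    """Token-bucket rate limiter; the clock is injectable for deterministic tests."""

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.tokens = float(burst)
        self.last = clock()

    def allow(self):
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Gateway:
    """Centralized execution unit: enforces the gateway-layer policies."""

    def __init__(self, strategy_set, clock=time.monotonic):
        self.api_id = strategy_set["api_id"]
        self.auth_scheme = None
        self.bucket = None
        for p in strategy_set["policies"]:
            if p["layer"] != "gateway":
                continue
            if p["type"] == "rate_limit":
                self.bucket = TokenBucket(p["rate"], p["burst"], clock)
            elif p["type"] == "authn":
                self.auth_scheme = p["scheme"]

    def admit(self, headers):
        """Return an HTTP status: 401 (token missing), 429 (over limit) or 200.
        Token verification runs first so that unauthenticated requests do not
        consume the interface's rate-limit budget."""
        if self.auth_scheme == "bearer-token":
            if not headers.get("Authorization", "").startswith("Bearer "):
                return 401
        if self.bucket is not None and not self.bucket.allow():
            return 429
        return 200


def mask_response(strategy_set, body):
    """Sidecar execution unit: rewrite sensitive fields in the response body
    before it leaves the service, keeping masking out of the business logic."""
    masked = dict(body)
    for p in strategy_set["policies"]:
        if p["type"] == "mask" and p["field"] in masked:
            pattern, repl = MASK_TEMPLATES[p["mode"]]
            masked[p["field"]] = re.sub(pattern, repl, str(masked[p["field"]]))
    return masked
```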
[0023] Example 2. Referring to Figure 2, this invention provides a controllable application programming interface (API) control method. To achieve the above objectives, this invention is implemented through the following technical solution: a controllable application programming interface (API) control method, characterized by comprising steps S1 to S4, constituting a complete policy lifecycle management process. This method is executed under the coordination of a control system, and its process is automatically orchestrated and status-tracked by the system's internal workflow engine, ensuring that the entire process from policy origination to activation and optimization is traceable and auditable.
[0024] Specifically:
Step S1: obtain the API design contract generated by the API development system. This step is the starting point of the method and is key to realizing the concepts of "shifting control left" and "policy as code". The system actively pulls the latest approved API design contract file from the repository shared with the API development system, or receives it through the development system's callback notification interface, using either polling or event-driven methods.
Step S2: parse the API design contract and compile its functional, performance, and security constraints into deployable runtime control policies. This step is the "translation" and "production" stage of the policy, carried out by the contract parsing and policy generation module of Example 1. It performs not only one-to-one direct mapping but also intelligent deduction and conflict detection. For example, when the design contract simultaneously defines high concurrency requirements for an interface and a dependency on another low-capacity downstream service, the policy compiler can deduce that a more advanced flow control policy such as "queue buffering" or "fail fast" needs to be applied to that interface to avoid cascading failures.
Step S3: distribute and execute the runtime control policy on the call chain nodes of the application programming API interface to manage API call requests in real time. This is the "enabling" phase of the strategy. The generated deployable strategy package is dynamically and seamlessly loaded onto each strategy execution node through the configuration management channel. Once loaded, all API call requests flowing through these nodes undergo real-time verification against, and intervention by, the strategy rules.
Step S4: monitor the API runtime status and strategy execution effect, generate strategy optimization suggestions, and feed them back to S2 to optimize subsequent strategy compilation. This step constitutes the intelligent closed loop of the method. The system continuously collects rich telemetry data from the execution nodes. Through the aggregation and analysis of this data, the system can evaluate the effectiveness and rationality of the strategy and automatically generate optimization suggestions.
[0025] This embodiment details the distributed deployment and execution of the strategy in step S3. The system control plane first distributes global strategies (such as global rate limiting) to all API gateway instances. Upon receiving the strategy, the gateway dynamically registers the rule in its corresponding plugin. When a user request reaches the gateway, the plugin performs rule validation, such as checking if the request rate exceeds the limit; if so, it immediately returns a specific error response. Simultaneously, fine-grained strategies closely related to the business (such as data anonymization) are distributed to the service mesh sidecar proxy deployed next to the business service instances. When the business service finishes processing the request and prepares to send the response data back, the response traffic first passes through the sidecar proxy. The sidecar proxy, based on the loaded strategy, performs real-time parsing and field content rewriting of the response body, returning the processed data, thereby ensuring the separation of business logic and security control. This layered execution architecture of gateways and sidecars achieves a perfect combination of coarse-grained global control and fine-grained service-specific control.
[0026] Example 3. Referring to Figure 3, this invention provides a specific implementation of a contract parsing and policy generation module in a controllable application programming API interface control system. To achieve the above objectives, this invention is implemented through the following technical solution: the contract parsing and policy generation module is a highly pluggable microservice that supports multi-source adaptation. Internally, it adopts a pipeline-filter architecture, including multiple standardized components such as an input adapter, contract parser, policy rule base, policy compiler, and output adapter, to achieve flexible support for contracts of different styles and efficient policy output.
[0027] Specifically: The module's workflow begins with the input adapter, which supports receiving raw design contract data from various event sources. The contract parser is the core, a collection of parser plugins with dedicated parsers for different contract formats (such as OpenAPI specifications, custom structures, etc.). The parser's responsibility is to uniformly convert contracts of different formats into an internal standard intermediate representation. The policy rule base is a versioned database storing all policy templates and their metadata. The policy compiler receives the intermediate representation, and its internal workflow consists of three steps: First, constraint extraction is performed, traversing the intermediate representation syntax tree to accurately locate all constraint declarations related to performance, security, and compliance; second, policy matching and selection is performed, matching the extracted constraints with policy templates in the rule base, with the compiler selecting the optimal template based on built-in priority rules and context; finally, parameter binding and policy generation are performed, binding the specific values of the constraints to the parameters of the selected template to generate the final executable policy instance. The output adapter is responsible for packaging the policy instance into a format recognizable by the downstream distributed policy execution module and pushing it.
[0028] In this embodiment, we take processing a "place an order" API design contract containing complex service dependencies as an example. The contract parser successfully extracts the dependency chain of multiple downstream services that the API needs to call. During the matching phase, the policy compiler's dependency analysis engine triggers the generation of policies for "dependency fault isolation." It may select a "circuit breaker" template from the rule base, generate an independent circuit breaker policy for each downstream service call, and set reasonable failure thresholds, reset timeouts, and other parameters. These policies will be distributed as part of the API policy set. In this way, when a downstream service temporarily fails, its circuit breaker will open quickly, preventing upstream interface resources from being dragged down, and may execute predefined degradation logic, thereby ensuring partial availability of the core transaction chain and realizing the advanced capability of automatically generating architectural resilience policies based on the design contract.
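The "dependency fault isolation" strategy of this embodiment (one circuit breaker per downstream service, with failure threshold, reset timeout and predefined degradation result), as an added Python example that is not the patent's own code. The "place an order" contract layout, the default thresholds and the Breaker state machine are assumptions.

```python
import time

CLOSED, OPEN, HALF_OPEN = "closed", "open", "half_open"

# Constructed "place an order" design contract: the API depends on three
# downstream services (layout and fields are assumptions).
ORDER_CONTRACT = {
    "api_id": "place-order-v1",
    "dependencies": [
        {"service": "inventory", "timeout_ms": 300},
        {"service": "payment", "timeout_ms": 800},
        {"service": "coupon", "timeout_ms": 200, "fallback": {"discount": 0}},
    ],
}


def compile_isolation_policies(contract, failure_threshold=3, reset_timeout_s=5):
    """Dependency fault isolation: one circuit-breaker policy per downstream
    service in the contract's dependency chain, with default thresholds the
    contract may override. A dependency without a fallback fails the call."""
    policies = []
    for dep in contract.get("dependencies", []):
        policies.append({
            "type": "circuit_breaker",
            "target": dep["service"],
            "call_timeout_ms": dep["timeout_ms"],
            "failure_threshold": dep.get("failure_threshold", failure_threshold),
            "reset_timeout_s": dep.get("reset_timeout_s", reset_timeout_s),
            "fallback": dep.get("fallback"),  # predefined degradation result
        })
    return {"api_id": contract["api_id"], "policies": policies}


class Breaker:
    """Circuit breaker: opens after `failure_threshold` consecutive failures,
    fast-fails while open, and lets one probe through after `reset_timeout`."""

    def __init__(self, policy, clock=time.monotonic):
        self.failure_threshold = policy["failure_threshold"]
        self.reset_timeout = policy["reset_timeout_s"]
        self.fallback = policy["fallback"]
        self.clock = clock
        self.state = CLOSED
        self.failures = 0
        self.opened_at = None

    def allow_request(self):
        if self.state == OPEN and self.clock() - self.opened_at >= self.reset_timeout:
            self.state = HALF_OPEN  # reset timeout elapsed: admit a single probe
            return True
        return self.state == CLOSED  # OPEN: fast-fail; HALF_OPEN: probe in flight

    def record(self, success):
        if success:
            self.failures, self.state = 0, CLOSED
            return
        self.failures += 1
        if self.state == HALF_OPEN or self.failures >= self.failure_threshold:
            self.state, self.opened_at = OPEN, self.clock()


def build_breakers(strategy_set, clock=time.monotonic):
    """Instantiate one Breaker per circuit-breaker policy, keyed by target service."""
    return {p["target"]: Breaker(p, clock)
            for p in strategy_set["policies"] if p["type"] == "circuit_breaker"}


def call_dependency(breakers, target, fn):
    """Run `fn` (the downstream call) behind the target's breaker.
    Returns (outcome, value): ("ok", result), ("fast_fail", fallback) when the
    breaker is open, or ("error", fallback) when the call itself fails."""
    breaker = breakers[target]
    if not breaker.allow_request():
        return "fast_fail", breaker.fallback
    try:
        result = fn()
    except Exception:
        breaker.record(False)
        return "error", breaker.fallback
    breaker.record(True)
    return "ok", result
```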
[0029] Example 4. Referring to Figure 4, this invention provides a specific architecture and collaborative working mechanism for a distributed policy execution module in a controllable application programming interface (API) control system. To achieve the above objectives, this invention employs the following technical solution: the distributed policy execution module adopts a "central-edge" hybrid execution architecture rather than a single execution point. It includes a centralized policy execution unit deployed on the API gateway and service mesh sidecar proxy execution units deployed on the business service side. Both describe policies through unified custom resource definitions and are coordinated and synchronized by the system's control plane to ensure that policies remain consistent, with eventual consistency, in a distributed environment.
[0030] Specifically: The centralized policy execution unit is typically built on a high-performance, scalable open-source or commercial API gateway. It primarily manages traffic entering the data center from the outside, executing coarse-grained policies that require a global perspective or high-performance processing. Its typical responsibilities include: token-based global authentication and authorization; global rate limiting based on multiple dimensions; TLS (secure socket) termination; and request and response logging and basic metric collection. Centralized deployment makes the management and auditing of these policies very convenient. The service mesh sidecar proxy execution unit is implemented on service mesh technology, injected into each business service instance as a sidecar container. It primarily manages traffic between services within the data center, executing fine-grained policies closer to the business logic. Its typical responsibilities include: fine-grained routing and access control based on request content (such as specific field values in the header or body); circuit breaking, retry, and timeout management for inter-service calls; real-time modification of response content; and more fine-grained service-level metric collection and distributed tracing context propagation. The control plane acts as the coordination center. By subscribing to policy update events from the contract parsing and policy generation module, it translates policies into configuration descriptions that both gateways and sidecars can understand. It then performs hot updates through their respective configuration application programming interfaces, enabling policies to take effect across the entire network within minutes.
[0031] This embodiment demonstrates the collaboration between two execution units in a "canary release" scenario. First, the contract parsing and policy generation module generates a "weighted traffic splitting policy" based on operational instructions. Upon receiving this policy, the control plane decomposes and distributes it: a global routing policy is sent to the API gateway, instructing it to route a specific proportion of external user requests to the entry point of the new version service. Simultaneously, a more granular inter-service routing policy is sent to the sidecar proxies of all other services that might call this service, instructing these internal services to distribute requests to the new version instance according to the predetermined proportion when initiating calls. In this way, whether it's a direct request from the outside or an indirect call from other internal services, traffic can be distributed in a uniform and precise proportion, ensuring the consistency of the test environment. This collaboration ensures that the control policy covers the entire call chain from the edge to the core.
[0032] Example 5. Referring to Figure 5, this invention provides an intelligent analysis and feedback mechanism for a runtime monitoring and strategy optimization module in a controllable application programming API interface control system. To achieve the above objectives, this invention employs the following technical solution: the runtime monitoring and strategy optimization module is a data intelligence platform integrating real-time stream processing, time-series data storage, and machine learning analysis. It collects massive amounts of runtime data and strategy execution effect data from the various nodes of the distributed strategy execution module in near real time through lightweight agents, and stores them in a high-performance time-series database and data lake for offline and online analysis.
[0033] Specifically, the core analysis engine of this module runs multiple parallel analysis pipelines. The real-time analysis pipeline, built on a stream processing framework, performs window aggregation calculations on the incoming metric streams, monitoring API health and policy execution status in real time. The batch analysis pipeline periodically performs in-depth mining of historical data, executing more complex analysis tasks. One of its core functions is policy effectiveness evaluation and optimization suggestion generation. For example, for a rate limiting policy, the analysis engine traces back the actual traffic curve, system resource utilization, and subsequent user behavior of restricted requests during the policy's effective period. Through this analysis, it may discover that the policy threshold is set too conservatively or too aggressively, and on that basis it generates quantified optimization suggestions. Another key function is abnormal call pattern recognition. The engine uses unsupervised learning algorithms to model the API's call parameters, frequency, source, and other characteristics, automatically identifying suspicious behaviors that deviate from the normal baseline and automatically generating corresponding protection rule suggestions. These policy optimization suggestions are fed back to the contract parsing and policy generation module via message queues or direct application programming interface calls. That module can present the suggestions to operations or security personnel for approval, or automatically adopt them according to preset rules in low-risk scenarios, triggering a new round of policy compilation and deployment and thus forming an autonomous closed loop of "monitoring-analysis-optimization-deployment". Simultaneously, this module feeds macro-level system health and risk data back to the API development system through dashboards or reports, providing data-driven input for subsequent API design and iteration. For example, it can help avoid known high-risk patterns when designing new interfaces, or proactively design degradation plans for frequently failing dependent services.
[0034] This embodiment uses an "intelligent dynamic rate limiting" scenario as an example. The runtime monitoring and strategy optimization module analyzes historical data and discovers a clear daily and promotional cycle pattern in the traffic of a certain interface. Fixed rate limiting strategies waste resources during off-peak periods and may inadvertently harm normal users during sudden peaks. Therefore, the analysis engine trains a time series prediction model and generates a "dynamic rate limiting strategy suggestion": automatically adjusting the rate limiting threshold based on the time cycle and activity calendar. After this suggestion is automatically adopted, the system automatically generates a series of rate limiting strategies with time-triggered conditions, which are dynamically activated by the control plane at the corresponding time points. This process not only significantly improves resource utilization and system resilience but also requires no manual intervention, demonstrating the system's high level of intelligence.
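The policy effectiveness evaluation of [0033] and the "intelligent dynamic rate limiting" suggestion of this embodiment, as an added Python example that is not code from the patent. A per-hour-of-day quantile baseline stands in for the time-series prediction model; the traffic history, the headroom factor and the time-triggered policy shape are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed hourly peak-QPS pattern for one interface: quiet nights,
# business-hour load, and a sharp evening promotion peak at 20:00-22:00.
PATTERN = [20] * 7 + [60, 100, 120, 120, 110, 90, 110, 120, 120, 100, 80,
                      90, 150, 300, 300, 150, 60]


def constructed_history(days=7):
    """Synthetic telemetry: (day, hour, peak_qps) with mild day-to-day variation."""
    return [(d, h, round(PATTERN[h] * (1 + 0.05 * (d % 3))))
            for d in range(days) for h in range(24)]


def hourly_quantile(samples, q=0.95):
    """Seasonal baseline: the q-quantile of observed peak QPS per hour of day.
    This stands in for the time-series prediction model of the embodiment."""
    by_hour = defaultdict(list)
    for _, hour, qps in samples:
        by_hour[hour].append(qps)
    baseline = {}
    for hour, values in by_hour.items():
        values.sort()
        baseline[hour] = values[min(len(values) - 1, math.ceil(q * len(values)) - 1)]
    return baseline


def suggest_dynamic_limits(samples, headroom=1.2, step=10):
    """Turn the baseline into time-triggered rate-limit strategies: each hour's
    limit is the baseline plus headroom, rounded up to `step`, and consecutive
    hours with the same limit are merged into one activation window."""
    baseline = hourly_quantile(samples)
    limits = [math.ceil(baseline[h] * headroom / step) * step for h in range(24)]
    windows, start = [], 0
    for h in range(1, 25):
        if h == 24 or limits[h] != limits[start]:
            windows.append({"type": "rate_limit", "from_hour": start,
                            "to_hour": h, "limit": limits[start]})
            start = h
    return windows


def evaluate_fixed_limit(samples, fixed_limit, idle_factor=3.0):
    """Policy effectiveness evaluation for a fixed threshold: hours whose
    legitimate peak exceeds it (too aggressive, normal users throttled) and
    hours where it sits far above demand (too conservative, wasted headroom)."""
    baseline = hourly_quantile(samples)
    return {
        "too_aggressive_hours": sorted(h for h, v in baseline.items() if v > fixed_limit),
        "too_conservative_hours": sorted(h for h, v in baseline.items()
                                         if fixed_limit > idle_factor * v),
    }
```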
[0035] In conclusion, the above are merely preferred embodiments of the present invention and are not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the protection scope of the present invention.
Claims
1. A control system for a controllable application programming API interface, characterized in that it comprises: a contract parsing and strategy generation module, used to access the design contracts generated by the API development system and compile the design contracts into executable runtime control strategies; a distributed strategy execution module, connected to the contract parsing and strategy generation module, used to deploy and enforce the runtime control strategy in a distributed manner on the call chain of the application programming API interface; and a runtime monitoring and strategy optimization module, connected to the distributed strategy execution module, used to collect runtime data and strategy execution effect data from the application programming API interface, analyze them, and generate strategy optimization suggestions, wherein the runtime monitoring and strategy optimization module feeds the strategy optimization suggestions back to the contract parsing and strategy generation module to optimize subsequent strategy compilation and generation.
2. The control system for a controllable application programming API interface according to claim 1, characterized in that the design contract includes the API's functional definition, performance requirements, and security constraints.
3. The control system for a controllable application programming API interface according to claim 1, characterized in that the contract parsing and strategy generation module is specifically used for: extracting performance metrics from the design contract and generating corresponding flow control and circuit breaker degradation strategies; identifying sensitive data fields from the design contract and generating data anonymization or encrypted transmission strategies; and generating a dependency fault isolation strategy based on the service dependencies in the design contract.
4. The control system for a controllable application programming API interface according to claim 1, characterized in that the distributed policy execution module includes a centralized policy execution unit deployed on the API gateway, and service mesh sidecar proxy execution units deployed on the business service side.
5. The control system for a controllable application programming API interface according to claim 1, characterized in that the runtime monitoring and strategy optimization module is specifically used for: analyzing the runtime data and strategy execution effect data using machine learning models to adjust the thresholds or rules of the runtime control strategy; and identifying abnormal call patterns and generating new protection rules, which are then fed back to the contract parsing and strategy generation module.
6. A control method for a controllable application programming API interface, characterized in that it includes the following steps: S1: obtain the API design contract generated by the API development system; S2: parse the API design contract and compile its functional, performance, and security constraints into runtime control policies; S3: distribute and execute the runtime control strategy on the call chain nodes of the application programming API interface to manage API call requests; S4: monitor the API runtime status and policy execution effect, generate policy optimization suggestions and feed them back to S2 to optimize subsequent policy compilation.
7. The control method for a controllable application programming API interface according to claim 6, characterized in that in S2, performance requirements are compiled into rate limiting rules, and security constraints are compiled into field-level security policies.
8. The control method for a controllable application programming API interface according to claim 6, characterized in that the real-time management includes identity authentication and traffic rate control at the API gateway layer, and content-based request verification and dependency circuit breaking at the service mesh sidecar proxy layer.
9. The control method for a controllable application programming API interface according to claim 6, characterized in that the strategy optimization suggestions include: predicting traffic based on historical call patterns and adjusting rate limiting thresholds; and using anomaly detection models to generate interception rules for malicious access.
10. The control method for a controllable application programming API interface according to claim 6, characterized in that the method further includes feeding the monitored system health and risk data back to the API development system.